The FBI Planted Backdoors to Easily Spy on the Internet, Claims Collaborator

Illustration for article titled The FBI Planted Backdoors to Easily Spy on the Internet, Claims Collaborator

Ten years ago, the FBI planted "a number of backdoors" in OpenBSD's IPSEC (Internet Protocol Security) stack, a secure communication protocol that is used in sites all around the world. That's what the person who was paid to do it says:

I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF (OpenBSD/FreeBSD Cryptographic Framework), for the express purpose of monitoring the site to site VPN (Virtual Private Network) encryption system implemented by EOUSA (Executive Office for United States Attorneys), the parent organization to the FBI.

This is also probably the reason why you lost your DARPA funding, they more than likely caught wind of the fact that those backdoors were present and didn't want to create any derivative products based upon the same.

Advertisement

If these allegations—made by NETSEC's former Chief Technology Officer Gregory Perry—are true, everyone using this communication protocol could have been exposed to the FBI's electronic spies without being aware of it.

In a mail sent to the OpenBSD project leader Theo de Raadt, Perry claims that they were paid by the FBI to do this dirty—or patriotic, depending on who you ask—job. After ten years, Perry says that his Non Disclosure Agreement with the FBI is over, and that's why he wanted everyone to know.

Theo de Raadt sent the mail to the OpenBSD community, which has already started the hunt for the FBI backdoors allegedly placed by Perry's NETSEC developers:

It is alleged that some ex-developers (and the company they worked for) accepted US government money to put backdoors into our network stack. Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products. Over 10 years, the IPSEC code has gone through many changes and fixes, so it is unclear what the true impact of these allegations are.

The problem, however, may be a lot bigger than that. If this has happened once, how many more of these backdoors exist in other allegedly secure protocols and internet tools? That's what I want to know. [Ars Technica]

DISCUSSION

norwoodismyhero
NorwoodIsMyHero

You mean stuff I put on the intertubes isn't private?

I....I... I am....

completely unsurprised and honestly don't give a shit..

The stress of getting up in arms about this > the stress of dealing with the potential implications of it.

Want to steal my credit card numbers? Fine go ahead. I have zero liability coverage for fraudulent charges, and have dealt with the credit card companies to get it cleaned up before. Its not that hard, and if you've had trouble removing fraudulent charges, its because you are probably an ass to credit card customer service reps who summarily decide to make your life more miserable than it already is. You deserve what you get then.

Want to steal my bank account information? See above.

Wanna take out a loan in my name? See above. Credit reports are easy to monitor and deal with identity theft.

Oh and for all of you slippery slope 1984-ers, I just honestly don't care. Its not going to happen. Believe otherwise if you want, but the only people you're creating fear and stress for are yourselves.